Endpoint Group

Location in GUI: Tenants » XXX » Application Profiles » XXX » Application EPGs

In Cisco ACI, an Endpoint Group (EPG) is a logical group of endpoints (such as servers, virtual machines, and containers) that share common network and security policies.

Diagram

Classes

application_profiles (apic.tenants)

Name	Type	Constraint	Mandatory	Default Value
endpoint_groups	List	`[endpoint_groups]`	No

endpoint_groups (apic.tenants.application_profiles)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
alias	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
ndo_managed	Boolean	`true`, `false`	No	`false`
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
flood_in_encap	Boolean	`true`, `false`	No	`false`
intra_epg_isolation	Boolean	`true`, `false`	No	`false`
preferred_group	Boolean	`true`, `false`	No	`false`
proxy_arp	Boolean	`true`, `false`	No	`false`
bridge_domain	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
physical_domains	List	String[Regex: `^[a-zA-Z0-9_.:-]{1,64}$`]	No
vmware_vmm_domains	List	`[vmware_vmm_domains]`	No
static_ports	List	`[static_ports]`	No
static_leafs	List	`[static_leafs]`	No
static_endpoints	List	`[static_endpoints]`	No
subnets	List	`[subnets]`	No
contracts	Class	`[contracts]`	No
qos_class	Choice	`level1`, `level2`, `level3`, `level4`, `level5`, `level6`, `unspecified`	No	`unspecified`
custom_qos_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
tags	List	String[Regex: `^[a-zA-Z0-9_.-]{1,64}$`]	No
trust_control_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
l4l7_virtual_ips	List	`[l4l7_virtual_ips]`	No
l4l7_address_pools	List	`[l4l7_address_pools]`	No
data_plane_policing_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No

vmware_vmm_domains (apic.tenants.application_profiles.endpoint_groups)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
u_segmentation	Boolean	`true`, `false`	No	`false`
delimiter	String	Regex: `^[\|~!@^+=]$`	No
vlan	Integer	min: `1`, max: `4096`	No
primary_vlan	Integer	min: `1`, max: `4096`	No
secondary_vlan	Integer	min: `1`, max: `4096`	No
netflow	Boolean	`true`, `false`	No	`false`
deployment_immediacy	Choice	`immediate`, `lazy`	No	`lazy`
resolution_immediacy	Choice	`immediate`, `lazy`, `pre-provision`	No	`pre-provision`
allow_promiscuous	Choice	`reject`, `accept`	No	`reject`
forged_transmits	Choice	`reject`, `accept`	No	`reject`
mac_changes	Choice	`reject`, `accept`	No	`reject`
elag	String	Regex: `^[a-zA-Z0-9_.:-]{1,16}$`	No
active_uplinks_order	String	Regex: `^(\d+(,\d+)*)?$`	No
standby_uplinks	String	Regex: `^(\d+(,\d+)*)?$`	No
custom_epg_name	String	Regex: `^.{1,80}$`	No

static_ports (apic.tenants.application_profiles.endpoint_groups)

Name	Type	Constraint	Mandatory	Default Value
node_id	Integer	min: `1`, max: `4000`	No
node2_id	Integer	min: `1`, max: `4000`	No
fex_id	Integer	min: `101`, max: `199`	No
fex2_id	Integer	min: `101`, max: `199`	No
pod_id	Integer	min: `1`, max: `255`	No
module	Integer	min: `1`, max: `9`	No	`1`
port	Integer	min: `1`, max: `127`	No
sub_port	Integer	min: `1`, max: `16`	No
channel	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
vlan	Integer	min: `1`, max: `4096`	Yes
primary_vlan	Integer	min: `1`, max: `4096`	No
deployment_immediacy	Choice	`immediate`, `lazy`	No	`lazy`
mode	Choice	`regular`, `native`, `untagged`	No	`regular`
ptp	Class	`[ptp]`	No
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No

static_leafs (apic.tenants.application_profiles.endpoint_groups)

Name	Type	Constraint	Mandatory	Default Value
node_id	Integer	min: `1`, max: `4000`	Yes
pod_id	Integer	min: `1`, max: `255`	No
vlan	Integer	min: `1`, max: `4096`	Yes
deployment_immediacy	Choice	`immediate`, `lazy`	No	`lazy`
mode	Choice	`regular`, `native`, `untagged`	No	`regular`

static_endpoints (apic.tenants.application_profiles.endpoint_groups)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
alias	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
vlan	Integer	min: `1`, max: `4096`	No
mac	MAC		Yes
ip	IP		No	`0.0.0.0`
type	Choice	`silent-host`, `tep`, `vep`	Yes
node_id	Integer	min: `1`, max: `4000`	No
node2_id	Integer	min: `1`, max: `4000`	No
pod_id	Integer	min: `1`, max: `255`	No
module	Integer	min: `1`, max: `9`	No	`1`
port	Integer	min: `1`, max: `127`	No
channel	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
additional_ips	List	IP	No

subnets (apic.tenants.application_profiles.endpoint_groups)

Name	Type	Constraint	Mandatory	Default Value
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
ip	IP		Yes
public	Boolean	`true`, `false`	No	`false`
shared	Boolean	`true`, `false`	No	`false`
igmp_querier	Boolean	`true`, `false`	No	`false`
nd_ra_prefix	Boolean	`true`, `false`	No	`true`
no_default_gateway	Boolean	`true`, `false`	No	`false`
virtual	Boolean	`true`, `false`	No	`false`
next_hop_ip	IP		No
anycast_mac	MAC		No
nlb_mode	Choice	`mode-mcast-igmp`, `mode-uc`, `mode-mcast-static`	No
nlb_group	IP		No	`0.0.0.0`
nlb_mac	MAC		No	`00:00:00:00:00:00`
ip_pools	List	`[ip_pools]`	No
nd_ra_prefix_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
ip_dataplane_learning	Boolean	`true`, `false`	No

contracts (apic.tenants.application_profiles.endpoint_groups)

Name	Type	Constraint	Mandatory
consumers	List	String[Regex: `^[a-zA-Z0-9_.:-]{1,64}$`]	No
providers	List	String[Regex: `^[a-zA-Z0-9_.:-]{1,64}$`]	No
imported_consumers	List	String[Regex: `^[a-zA-Z0-9_.:-]{1,64}$`]	No
intra_epgs	List	String[Regex: `^[a-zA-Z0-9_.:-]{1,64}$`]	No
masters	List	`[masters]`	No

l4l7_virtual_ips (apic.tenants.application_profiles.endpoint_groups)

Name	Type	Constraint	Mandatory	Default Value
ip	IP		Yes
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No

l4l7_address_pools (apic.tenants.application_profiles.endpoint_groups)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
gateway_address	IP		Yes
from	IP		No
to	IP		No

ptp (apic.tenants.application_profiles.endpoint_groups.static_ports)

Name	Type	Constraint	Mandatory	Default Value
mode	Choice	`multicast`, `multicast-master`, `unicast-master`	No	`multicast`
source_ip	IP		No	`0.0.0.0`
profile	String	Regex: `^[a-zA-Z0-9_.:-]{1,16}$`	Yes

ip_pools (apic.tenants.application_profiles.endpoint_groups.subnets)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
start_ip	IP		No	`0.0.0.0`
end_ip	IP		No	`0.0.0.0`
dns_search_suffix	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
dns_server	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
dns_suffix	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
wins_server	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No

masters (apic.tenants.application_profiles.endpoint_groups.contracts)

Name	Type	Constraint	Mandatory	Default Value
application_profile	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
endpoint_group	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes

Examples

Example-1: This is a single example of an EPG configuration where a static port is defined using a single interface (non-vPC, non-port-channel). The configuration is placed under application profile AP1 and associated with bridge-domain BD1. The physical domain PHY1 is specified, and in the static port configuration, interface Eth1/10 on leaf node 101 with VLAN 135 is defined. In addition, the consumer contract CON1 is applied. The rest of the settings use default values.

apic:
  tenants:
    - name: ABC
      application_profiles:
        - name: AP1
          endpoint_groups:
            - name: EPG1
              bridge_domain: BD1
              physical_domains:
                - PHY1
              static_ports:
                - node_id: 101
                  port: 10
                  vlan: 135
              contracts:
                consumers:
                  - CON1

Example-2: This is a single example of an EPG configuration where a static port is defined using a vPC interface. The predefined vPC interface policy group Lf1010_Lf1011_eth1_1_vPC from the Access Policy is specified, and the nodes are defined as the vPC peers, leaf 1010 and leaf 1011. In this example, the mode is explicitly set to regular (trunk) and the deployment immediacy is specified as immediate. Apart from the static port specification, the configuration is the same as Example-1.

apic:
  tenants:
    - name: ABC
      application_profiles:
        - name: AP1
          endpoint_groups:
            - name: EPG1
              bridge_domain: BD1
              physical_domains:
                - PHY1
              static_ports:
                - channel: Lf1010_Lf1011_eth1_1_vPC
                  node_id: 1010
                  node2_id: 1011
                  vlan: 135
                  mode: regular
                  deployment_immediacy: immediate
              contracts:
                consumers:
                  - CON1

Exmaple-3: This is a single example of an EPG configuration where a static port is defined using a PC interface. The predefined PC interface policy group Internet_PC from the Access Policy is specified, and the nodes are defined as the PC, leaf 1010. In this example, the mode is explicitly set to regular (trunk) and the deployment immediacy is specified as immediate. Apart from the static port specification, the configuration is the same as Example-1.

apic:
  tenants:
    - name: ABC
      application_profiles:
        - name: AP1
          endpoint_groups:
            - name: EPG1
              bridge_domain: BD1
              physical_domains:
                - PHY1
              static_ports:
                - channel: Internet_PC
                  node_id: 1010
                  vlan: 135
                  mode: regular
                  deployment_immediacy: immediate
              contracts:
                consumers:
                  - CON1

Example-4: This is a single example of a configuration where all parameters are explicitly specified.

apic:
  tenants:
    - name: ABC
      application_profiles:
        - name: AP1
          endpoint_groups:
            - name: EPG1
              bridge_domain: BD1
              flood_in_encap: false
              intra_epg_isolation: false
              preferred_group: false
              data_plane_policing_policy: DPP1
              physical_domains:
                - PHY1
              vmware_vmm_domains:
                - name: VMM1
                  u_segmentation: true
                  delimiter: '|'
                  vlan:
                  primary_vlan: 100
                  secondary_vlan: 101
                  netflow: false
                  deployment_immediacy: lazy
                  resolution_immediacy: immediate
                  allow_promiscuous: reject
                  forged_transmits: reject
                  mac_changes: reject
                  elag: ELAGCustom
                  active_uplinks_order: 1,2
                  standby_uplinks: 3,4
              static_ports:
                - node_id: 101
                  description: Static Port Description
                  port: 10
                  vlan: 135
                  mode: regular
                  deployment_immediacy: lazy
              static_leafs:
                - pod_id: 1
                  node_id: 101
                  vlan: 135
                  primary_vlan: 136
                  mode: regular
                  deployment_immediacy: lazy
              static_endpoints:
                - name: ST_EP1
                  mac: 00:00:00:00:00:01
                  ip: 1.1.1.1
                  type: silent-host
                  vlan: 123
                  node_id: 101
                  port: 1
              contracts:
                consumers:
                  - CON1
                providers:
                  - CON1
                imported_consumers:
                  - IMPORT-CON1
                intra_epgs:
                  - CON1
              subnets:
                - ip: 5.50.5.1/30
                  description: My Desc
                  public: true
                  shared: true
                  igmp_querier: true
                  nd_ra_prefix: true
                  no_default_gateway: false
                - ip: 5.50.5.5/32
                  no_default_gateway: true
                  next_hop_ip: 8.8.8.8
                  ips_pools:
                    - name: POOL1
                      start_ip: 172.16.0.1
                      end_ip: 172.16.0.10
                      dns_server: dns.cisco.com
                      dns_search_suffix: cisco
                      dns_suffix: cisco
                      wins_server: wins
                - ip: fd00:0:abcd:2::2/64
                  description: My IPv6 Desc
                  public: true
                  shared: false
                  igmp_querier: true
                  nd_ra_prefix: true
                  no_default_gateway: true
                  nd_ra_prefix_policy: ND-RA-PREFIX1
                  ip_dataplane_learning: false
              tags:
                - tag1
                - tag2
              l4l7_virtual_ips:
                - ip: 11.11.11.11
                  description: My LB VIP
              l4l7_address_pools:
                - name: L4L7_POOL1
                  gateway_address: 11.11.11.254/24
                  from: 11.11.11.100
                  to: 11.11.11.200